080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgc/hgdpClick.c src/hg/hgc/hgdpClick.c
index cd2b125..cc6e457 100644
--- src/hg/hgc/hgdpClick.c
+++ src/hg/hgc/hgdpClick.c
@@ -395,31 +395,31 @@
 printf("</TABLE>\n");
 }
 
 void doHgdpGeo(struct trackDb *tdb, char *item)
 /* Show details page for HGDP SNP with population allele frequencies
  * plotted on a world map. */
 {
 struct sqlConnection *conn = hAllocConn(database);
 char query[512];
 struct sqlResult *sr;
 char **row;
 int start = cartInt(cart, "o");
 genericHeader(tdb, item);
 int hasBin=1;
 
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
       "select * from %s where name = '%s' and chrom = '%s' and chromStart = %d",
       tdb->table, item, seqName, start);
 sr = sqlGetResult(conn, query);
 if ((row = sqlNextRow(sr)) == NULL)
     errAbort("doHgdpGeo: no match in %s for %s at %s:%d", tdb->table, item, seqName, start);
 struct hgdpGeo *geo = hgdpGeoLoad(row+hasBin);
 sqlFreeResult(&sr);
 printCustomUrl(tdb, item, TRUE);
 bedPrintPos((struct bed *)geo, 4, tdb);
 printf("<B>Ancestral Allele:</B> %c<BR>\n", geo->ancestralAllele);
 printf("<B>Derived Allele:</B> %c<BR>\n", geo->derivedAllele);
 printOtherSnpMappings(tdb->table, item, start, conn, hasBin);
 printf("<BR>\n");
 printf("<TABLE><TR><TD>\n");
 hgdpGeoFreqTable(geo);
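Review bot: The table name in `from %s` sits in identifier position, where quote-escaping gives no protection, so the converted call is injection-safe only if sqlSafef validates unquoted `%s` arguments; its implementation is not visible in this hunk. A comment above the call would record that assumption, for example `/* item and seqName are quoted and escaped by sqlSafef; tdb->table is assumed to come from trackDb, not the request -- confirm */`. The same `item` is passed on to `printOtherSnpMappings(tdb->table, item, start, conn, hasBin)`, whose query construction is outside this hunk, so it should be confirmed to use sqlSafef as well. `item` also reaches the `errAbort("doHgdpGeo: no match ...")` message unchanged, so it is worth checking that the CGI error path HTML-encodes it before it is written to the page. The body of doHgdpGeo continues past the end of the hunk.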